
Try sending without request_object in authorization request fails

Vinh Le Quoc requested to merge dev-branch-4 into master

Created BuildRedirectToAuthorizationEndpoint to generate the authorization URL with claims, nonce, state, client_id, etc.

Added new FAPI-RW-ID2 and FAPI-RW-ID2-OB tests that send without "request_object" in the authorization request for private_key_jwt and mtls_client_auth authentication. The expected result is that the server must reject for all of these tests.

Added these tests to test plans (fapi-rw-id2-with-mtls-test-plan, fapi-rw-id2-with-private-key-and-mtls-holder-of-key-test-plan, fapi-rw-id2-ob-with-mtls-test-plan and fapi-rw-id2-ob-with-private-key-and-mtls-holder-of-key-test-plan).

closes #68 (closed)

Edited by Vinh Le Quoc
